Siemens patches security flaws in SCADA systems

The German industrial giant plugged a dynamic link library (DLL) hijacking vulnerability in SIMATIC STEP 7 and PCS 7 software, which are used to configure SIMATIC S7 programmable logic controllers (PLCs) used in a variety of industrial applications, including energy, water and wastewater, oil and gas, chemical, building automation, and manufacturing, according to the ICS-CERT advisory.

The vulnerability allowed the loading of malicious DLL files into the STEP 7 project folder that could be used to attack the system on which the software is installed. An attacker could execute arbitrary code by exploiting the vulnerability.
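One defensive check that follows from this description is to treat every DLL found inside a project folder as suspect unless it matches a library from a trusted installation. The script below is an added example, not code from the advisory or from Siemens: it records SHA-256 hashes of DLLs in a trusted reference directory and then reports any DLL in a project folder whose hash is not on that allowlist. The folder names, file contents and the `demo()` layout are constructed for the example; the real project paths and library names are not given on the page.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large libraries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def iter_dlls(root) -> list:
    """List DLL files below root, matching the suffix case-insensitively."""
    return [p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() == ".dll"]


def build_allowlist(trusted_dir) -> set:
    """Hashes of every DLL shipped in a trusted (read-only) install directory."""
    return {sha256_of(p) for p in iter_dlls(trusted_dir)}


def audit_project_dlls(project_dir, allowlist) -> list:
    """Report DLLs in a project folder that are not on the allowlist.

    A DLL planted in a writable project folder will either carry a name the
    application already loads (same name, different hash) or a new name; both
    cases surface here because the check is by content, not by file name.
    """
    findings = []
    for dll in iter_dlls(project_dir):
        digest = sha256_of(dll)
        if digest not in allowlist:
            findings.append({"name": dll.name, "path": str(dll), "sha256": digest})
    return sorted(findings, key=lambda f: f["name"])


def demo() -> list:
    """Constructed sample layout: one trusted install, one project folder with a planted DLL."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp, "trusted_install")   # hypothetical reference directory
        project = Path(tmp, "step7_project")     # hypothetical project folder
        trusted.mkdir()
        project.mkdir()
        good = b"MZ constructed stand-in for a vendor library"
        (trusted / "vendor.dll").write_bytes(good)
        (project / "vendor.dll").write_bytes(good)                         # legitimate copy
        (project / "HELPER.DLL").write_bytes(b"MZ constructed unexpected library")  # planted
        return audit_project_dlls(project, build_allowlist(trusted))


if __name__ == "__main__":
    for finding in demo():
        print(f"unexpected DLL: {finding['path']} sha256={finding['sha256']}")
```

Running the audit from a scheduled task or before a project is opened turns the folder into something that can be monitored; the complementary control is to keep project folders non-writable for accounts that do not need to modify them, so that planting a library requires write access in the first place.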

In addition, Siemens patched an insecure SQL server authentication vulnerability in its SIMATIC WinCC and PCS 7 software. SIMATIC WinCC is a software package used as an interface between the operator and the PLC, according to a second advisory.

The vulnerability in SIMATIC WinCC involved default SQL server credentials that cannot be changed or disabled and that grant administrative access to the database. An attacker could use these default credentials to gain unauthorized access and read from or write to files and settings on the target system. The flaw can be exploited remotely, and public exploits exist.

Christopher Brook commented on Kaspersky Lab's Threatpost blog that the holes plugged by Siemens appeared to resemble flaws exploited by the Stuxnet worm.